AscendingCreations / AxumSession

Axum Session Management Libraries that use Sqlx
MIT License

Add Option to Generate Keys per SessionID. #40

Closed genusistimelord closed 1 year ago

genusistimelord commented 1 year ago

This is to increase Security to the max by enforcing a server side managed Key per Session Cookie that gets a keyID sent to the Browser to allow decryption of the Other SessionID and Storage Cookies. This allows us to do Key cycling to prevent more types of Attacks on the system.

Needed for this to work.

  1. Database Needs to support Saving KeyID separate from SessionID Storage.
  2. KeyID needs to be a UUID too and can be encrypted to increase reliability.
  3. Key Database side needs to be Encrypted for long term Storage and Security.
  4. Key is only accessible to the Server Side and is loaded via the KeyID.
  5. KeyID needs the capability to be Renewed like SessionID.
  6. Key needs the ability to be Renewed.
  7. System needs to not break the current API config enabled.

genusistimelord commented 1 year ago

Completed with https://github.com/AscendingCreations/AxumSessions/commit/56d9a54de2d05acf51789fd896af9edbda0b9c1c
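
The key lifecycle from requirements 2 and 4 to 6 of the issue, as an added sketch that is not AxumSession's code and is not taken from the linked commit. `KeyStore` and its methods are hypothetical names, an in-memory `HashMap` stands in for the database table, and randomness is assumed to come from a Unix-like `/dev/urandom`; cookie encryption and at-rest encryption of the stored keys (requirement 3) are left out.

```rust
use std::{collections::HashMap, fs::File, io::{self, Read}};

/// Read N random bytes from the OS (assumes a Unix-like /dev/urandom).
fn random_bytes<const N: usize>() -> io::Result<[u8; N]> {
    let mut buf = [0u8; N];
    File::open("/dev/urandom")?.read_exact(&mut buf)?;
    Ok(buf)
}

/// Build the KeyID sent to the browser: 16 random bytes as a version-4 UUID.
fn new_key_id() -> io::Result<String> {
    let mut b = random_bytes::<16>()?;
    b[6] = (b[6] & 0x0f) | 0x40; // version 4
    b[8] = (b[8] & 0x3f) | 0x80; // RFC 4122 variant
    let h: String = b.iter().map(|x| format!("{:02x}", x)).collect();
    Ok(format!("{}-{}-{}-{}-{}", &h[..8], &h[8..12], &h[12..16], &h[16..20], &h[20..]))
}

/// Hypothetical server-side store (KeyID -> 256-bit key), separate from session data.
#[derive(Default)]
pub struct KeyStore { keys: HashMap<String, [u8; 32]> }

impl KeyStore {
    /// Create a key for a new session; only the returned KeyID goes into a cookie.
    pub fn create(&mut self) -> io::Result<String> {
        let id = new_key_id()?;
        self.keys.insert(id.clone(), random_bytes::<32>()?);
        Ok(id)
    }
    /// Server-side lookup of the key by KeyID.
    pub fn key(&self, id: &str) -> Option<&[u8; 32]> {
        self.keys.get(id)
    }
    /// Renew the KeyID: same key under a new id; the old id stops resolving.
    pub fn renew_id(&mut self, old: &str) -> io::Result<Option<String>> {
        let id = new_key_id()?;
        Ok(self.keys.remove(old).map(|key| { self.keys.insert(id.clone(), key); id }))
    }
    /// Renew the key: returns the old key so existing cookies can be re-encrypted.
    pub fn renew_key(&mut self, id: &str) -> io::Result<Option<[u8; 32]>> {
        let fresh = random_bytes::<32>()?;
        Ok(self.keys.get_mut(id).map(|k| std::mem::replace(k, fresh)))
    }
}

fn main() {
    let mut store = KeyStore::default();
    let id = store.create().expect("OS randomness unavailable");
    println!("KeyID {} renewed to {:?}", id, store.renew_id(&id));
}
```

After `renew_id` a cookie carrying the old KeyID no longer resolves to any key, and after `renew_key` the caller holds the previous key only long enough to re-encrypt the session's cookies.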